Exploitdb Exploits

31,357 exploits tracked across all sources.

EIP-2026-110221 EXPLOITDB text VERIFIED
Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities
by Andrew Horton
CVE-2009-4614 EXPLOITDB text VERIFIED
Moa Gallery < 1.2.0 - Remote Code Execution via MOA_PATH Parameter
Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php, (2) _integrity_funcs.php, (3) _template_component_admin.php, (4) _template_component_gallery.php, (5) _template_parser.php, (6) mod_gallery_funcs.php, (7) mod_image_funcs.php, (8) mod_tag_funcs.php, (9) mod_tag_view.php, (10) mod_upgrade_funcs.php, (11) mod_user_funcs.php, (12) page_admin.php, (13) page_gallery_add.php, (14) page_gallery_view.php, (15) page_image_add.php, (16) page_image_view_full.php, (17) page_login.php, and (18) page_sitemap.php in sources/.
by cr4wl3r
CVE-2009-4627 EXPLOITDB text VERIFIED
Moa Gallery <1.2.0 - Path Traversal
Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614.
by GoLd_M
EIP-2026-109521 EXPLOITDB text VERIFIED
Moa Gallery 1.2.0 - 'index.php?action' SQL Injection
by Mr.SQL
CVE-2009-3194 EXPLOITDB text VERIFIED
JCE-Tech SearchFeed Script - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Moudi
CVE-2009-3196 EXPLOITDB text VERIFIED
php_video_script - Cross-Site Scripting via Key Parameter
Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.
by Moudi
CVE-2009-3185 EXPLOITDB text VERIFIED
Crazy Star plugin 2.0 for Discuz! - Authenticated SQL Injection via fmid Parameter
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
by ZhaoHuAn
CVE-2009-3189 EXPLOITDB text VERIFIED
DigiOz Guestbook 1.7.2 - Cross-Site Scripting via Search Term Parameter
Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.
by Moudi
CVE-2009-3195 EXPLOITDB text VERIFIED
JCE-Tech Auction RSS Content Script 3.0 - Cross-Site Scripting via id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.
by Moudi
EIP-2026-105104 EXPLOITDB text VERIFIED
allomani 2007 - 'cat' SQL Injection
by NeX HaCkEr
EIP-2026-103940 EXPLOITDB text VERIFIED
IBM Tivoli Identity Manager 5.0.5 - User Profile HTML Injection
by IBM
EIP-2026-115959 EXPLOITDB text VERIFIED
Novell Client for Windows 2000/XP - ActiveX Remote Denial of Service
by Francis Provencher
CVE-2009-3038 EXPLOITDB text VERIFIED
IBM Lotus Notes Connector - Denial of Service via lnresobject.dll ActiveX Control
A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element.
by Francis Provencher
EIP-2026-115028 EXPLOITDB text VERIFIED
Cerberus FTP 3.0.1 - 'ALLO' Remote Overflow Denial of Service (Metasploit)
by Francis Provencher
CVE-2009-3973 EXPLOITDB text VERIFIED
Turnkey Arcade Script - SQL Injection
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
by Red-D3v1L
EIP-2026-112573 EXPLOITDB text VERIFIED
TCPDB 3.8 - Remote Content Change Bypass
by Securitylab.ir
EIP-2026-110248 EXPLOITDB text VERIFIED
OpenAutoClassifieds 1.5.9 - SQL Injection
by Andrew Horton
CVE-2009-3972 EXPLOITDB text VERIFIED
Joomla! com_siirler 1.2 RC - SQL Injection
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
by v3n0m
CVE-2009-4958 EXPLOITDB text VERIFIED
EMO Breeder Manager - SQL Injection via video.php idd Parameter
SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter.
by Mr.SQL
EIP-2026-103777 EXPLOITDB text VERIFIED
HyperVM - File Permissions Credential Disclosure
by Xia Shing Zee
CVE-2009-4960 EXPLOITDB text VERIFIED
Lanai Core 0.6 - Path Traversal via Download Module f Parameter
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
by Khashayar Fereidani
EIP-2026-116523 EXPLOITDB text VERIFIED
War-FTPD 1.65 - MKD/CD Requests Denial of Service
by opt!x hacker
CVE-2009-3199 EXPLOITDB text VERIFIED
Uebimiau Webmail 3.2.0-2.0 - Unauthenticated Exposure of Sensitive Information via Direct Request
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
by Septemb0x
CVE-2009-2965 EXPLOITDB text VERIFIED
Radvision Scopia - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Francesco Bianchino